Hello All and Thanks,
I have given OpenVPN a go and FreedomBox has been perfect! Now it is WireGuard.
My setup is Debian 11 and it has been installed with:
DEBIAN_FRONTEND=noninteractive apt install freedombox
On a VPS, and ufw has been disabled.
The WireGuard handshake is OK but there is no internet access. I cannot ping the FreedomBox server at the WireGuard server IP address 10.84.0.1 from the client 10.84.0.2.
Below I have copied and pasted some of the network information for my setup. I have looked into the var log of FreedomBox but I could not see anything of interest.
Any pointer welcome!
Regards: peter
VPS Server
ip addr show
wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.84.0.1/24 brd 10.84.0.255 scope global noprefixroute wg0
valid_lft forever preferred_lft forever
inet6 fe80::a96a:4ed5:fc87:9b35/64 scope link stable-privacy
valid_lft forever preferred_lft forever
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 216.238.78.1 0.0.0.0 UG 100 0 0 enp1s0
10.84.0.0 0.0.0.0 255.255.255.0 U 50 0 0 wg0
10.84.0.2 0.0.0.0 255.255.255.255 UH 50 0 0 wg0
169.254.169.254 216.238.78.1 255.255.255.255 UGH 100 0 0 enp1s0
216.238.78.0 0.0.0.0 255.255.254.0 U 100 0 0 enp1s0
wg show
interface: wg0
public key: ZRcbHrG76JZW2plqFHDZ8e5N/LntixqUFObZnvVXciI=
private key: (hidden)
listening port: 51820
peer: 7w6acekKkI6YIKYcofEEFyTgZ4FonkxUuiTNMrDF2G0=
endpoint: 78.146.78.211:57753
allowed ips: 10.84.0.2/32
latest handshake: 1 hour, 32 minutes, 20 seconds ago
transfer: 1.64 MiB received, 131.71 KiB sent
persistent keepalive: every 25 seconds
nano /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
Client
ip addr show
wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.84.0.2/32 scope global noprefixroute wg0
valid_lft forever preferred_lft forever
inet6 fe80::2afd:4074:7222:d42a/64 scope link stable-privacy
valid_lft forever preferred_lft forever
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.84.0.1 0.0.0.0 UG 50 0 0 wg0
0.0.0.0 192.168.1.1 0.0.0.0 UG 600 0 0 wlp4s0
10.84.0.1 0.0.0.0 255.255.255.255 UH 50 0 0 wg0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlp4s0
192.168.1.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp4s0
wg show
interface: wg0
public key: 7w6acekKkI6YIKYcofEEFyTgZ4FonkxUuiTNMrDF2G0=
private key: (hidden)
listening port: 57753
fwmark: 0xcb5f
peer: ZRcbHrG76JZW2plqFHDZ8e5N/LntixqUFObZnvVXciI=
endpoint: 216.238.78.181:51820
allowed ips: 0.0.0.0/0, ::/0
latest handshake: 1 hour, 31 minutes, 34 seconds ago
transfer: 124.68 KiB received, 527.21 MiB sent
persistent keepalive: every 25 seconds
resolvectl status
Global
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
DNS Domain: lan
Link 2 (enp6s0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 3 (wlp4s0)
Current Scopes: DNS
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.1
DNS Servers: 192.168.1.1
DNS Domain: lan
Link 75 (wg0)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 8.8.8.8
DNS Servers: 8.8.8.8